Own Certificate (imscp_services) on Buster

  • - IMSCP: 1.5.3

    - Distribution: Debian 10


    I see many "lost connection after EHLO from unknown" messages in my mail.log.


    I use my own certificate for imscp_services.pem. Is this procedure correct for use with Buster?

    ImmuniWeb shows a +A score but also: (CERTIFICATE CHAIN) Server sends an unnecessary root certificate.

    https://www.immuniweb.com/ssl/


    Certificate PEM procedure:

    Code
    cd /root
    openssl req -new -nodes -keyout imscp.key -out imscp.csr -newkey rsa:2048
    cat imscp.key host1.mydomain.tld.crt host1.mydomain.tld.ca-bundle > imscp_services.pem
    cp imscp_services.pem /etc/imscp
    chmod 640 /etc/imscp/imscp_services.pem
    chmod 400 imscp.key

    main.cf paths:

    Code
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
    compatibility_level = 2
    smtpd_tls_cert_file = /etc/imscp/imscp_services.pem
    smtpd_tls_key_file = /etc/imscp/imscp_services.pem


    Is that all correct?

  • mail_version = 3.4.14


    Do you think that could cause a problem when using the single .pem file (imscp_services.pem)?


    See:

    http://www.postfix.org/TLS_README.html

    With Postfix ≥ 3.4, specify instead a single file that holds the key followed by the corresponding certificate and any associated issuing certificates, leaving the "smtpd_tls_cert_file" and "smtpd_tls_key_file" and related DSA and ECDSA parameters empty.

    Code
    smtpd_tls_chain_files = /etc/postfix/rsachain.pem
    smtpd_tls_cert_file =
    smtpd_tls_key_file =
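
A check for the two points raised in this thread, the scanner's "unnecessary root certificate" note and the key, certificate, issuers layout quoted from TLS_README, written as an added example that is not part of the original posts. It assumes `openssl` is installed; the function names and finding labels are made up for illustration.

```sh
# Added example, not from the thread. Needs openssl, awk, grep, mktemp.

# Write each CERTIFICATE block of PEM file $1 to $2/cert-NN.pem, in file order.
split_certs() {
  awk -v dir="$2" '
    /^-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%02d.pem", dir, n) }
    out != ""                      { print > out }
    /^-----END CERTIFICATE-----/   { close(out); out = "" }' "$1"
}

# True when issuer and subject are the same name, i.e. a root certificate.
is_self_issued() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Print one finding per line for PEM file $1, or "ok" when there are none.
audit_pem() {
  _tmp=$(mktemp -d) || return 2
  _n=0
  split_certs "$1" "$_tmp"
  # Layout from the TLS_README quote: key first, then certificate, then issuers.
  if ! grep -e '-----BEGIN' "$1" | head -n 1 | grep -q 'PRIVATE KEY'; then
    echo "key-not-first"; _n=$((_n + 1))
  fi
  if [ ! -f "$_tmp/cert-01.pem" ]; then
    echo "no-certificate"; _n=$((_n + 1))
  # The private key has to belong to the first (server) certificate.
  elif [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" != \
         "$(openssl x509 -in "$_tmp/cert-01.pem" -noout -pubkey)" ]; then
    echo "key-cert-mismatch"; _n=$((_n + 1))
  fi
  # A self-issued certificate after the first one is the root that a
  # scanner reports as unnecessary.
  for _c in "$_tmp"/cert-*.pem; do
    if [ "$_c" != "$_tmp/cert-01.pem" ] && [ -f "$_c" ] && is_self_issued "$_c"; then
      echo "root-in-chain: $(basename "$_c")"; _n=$((_n + 1))
    fi
  done
  rm -rf "$_tmp"
  [ "$_n" -eq 0 ] && echo "ok"
  return 0
}
```

After loading the functions into a root shell, `audit_pem /etc/imscp/imscp_services.pem` reports on the file built by the procedure above; `root-in-chain: cert-NN.pem` gives the position of the root certificate within the file.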